public function store($object_id) { global $db; $object_id = (int) $object_id; if ($object_id) { $this->value_intvalue = (int) $this->value_intvalue; $ins_charvalue = $this->value_charvalue == null ? '' : stripslashes($this->value_charvalue); $q = new w2p_Database_Query(); $q->addTable('custom_fields_values'); if ($this->value_id) { $q->addUpdate('value_charvalue', $ins_charvalue); $q->addUpdate('value_intvalue', $this->value_intvalue); $q->addWhere('value_id = ' . $this->value_id); } else { $q->addInsert('value_module', ''); $q->addInsert('value_field_id', $this->field_id); $q->addInsert('value_object_id', $object_id); $q->addInsert('value_charvalue', $ins_charvalue); $q->addInsert('value_intvalue', $this->value_intvalue); } $rs = $q->exec(); $q->clear(); if (!$rs) { return $db->ErrorMsg() . ' | SQL: '; } } else { return 'Error: Cannot store field (' . $this->field_name . '), associated id not supplied.'; } }
function sanitizeString($_db, $str) { $str = strip_tags($str); $str = htmlentities($str); $str = stripslashes($str); return mysqli_real_escape_string($_db, $str); }
function art_save_postdata($post_id) { // verify this came from the our screen and with proper authorization, // because save_post can be triggered at other times if (!wp_verify_nonce($_POST['art-direction-nonce'], plugin_basename(__FILE__))) { return $post_id; } if ('page' == $_POST['post_type']) { if (!current_user_can('edit_page', $post_id)) { return $post_id; } } else { if (!current_user_can('edit_post', $post_id)) { return $post_id; } } // OK, we're authenticated: we need to find and save the data delete_post_meta($post_id, 'art_direction_single'); delete_post_meta($post_id, 'art_direction_global'); if (trim($_POST['single-code']) != '') { add_post_meta($post_id, 'art_direction_single', stripslashes($_POST['single-code'])); } if (trim($_POST['global-code']) != '') { add_post_meta($post_id, 'art_direction_global', stripslashes($_POST['global-code'])); return true; } }
function fetchMethodForm($uid, $step, $update = false) { global $task; switch ($step) { case 2: $lists = array(); $lists['action'] = _taskLink($task, $uid, array('step' => $step + 1), false); return HTML_DMUploadMethod::linkFileForm($lists); break; case 3: $url = stripslashes(JRequest::getString('url', 'http://')); $err = DMUploadMethod::linkFileProcess($uid, $step, $url); if ($err['_error']) { _returnTo($task, $err['_errmsg'], '', array("method" => 'link', "step" => $step - 1, "localfile" => '', "url" => DOCMAN_Utils::safeEncodeURL($url))); } $uploaded = DOCMAN_Utils::safeEncodeURL(_DM_DOCUMENT_LINK . $url); $catid = $update ? 0 : $uid; $docid = $update ? $uid : 0; $session = JFactory::getSession(); $session->set('docman.dmfilename', _DM_DOCUMENT_LINK); $session->set('docman.document_url', $url); return fetchEditDocumentForm($docid, $uploaded, $catid); break; default: break; } return true; }
function call_order($lng, $para, $filename = 'order', $outHTML = null) { $para = $this->fun->array_getvalue($para); $lngpack = $lng ? $lng : $this->CON['is_lancode']; $lng = $lng == 'big5' ? $this->CON['is_lancode'] : $lng; include admin_ROOT . 'datacache/' . $lng . '_pack.php'; $cartid = $this->fun->eccode($this->fun->accept('ecisp_order_list', 'C'), 'DECODE', db_pscode); $cartid = stripslashes(htmlspecialchars_decode($cartid)); $uncartid = !empty($cartid) ? unserialize($cartid) : null; $total = $this->fun->eccode($this->fun->accept('ecisp_order_productmoney', 'C'), 'DECODE', db_pscode); $total = empty($total) ? 0 : $total; $buylink = $this->get_link('order', array(), $lngpack); $this->pagetemplate->assign('lngpack', $LANPACK); $this->pagetemplate->assign('buylink', $buylink); $this->pagetemplate->assign('ordertotal', number_format($total, 2)); $this->pagetemplate->assign('total', $total); $this->pagetemplate->assign('uncartid', count($uncartid)); $this->pagetemplate->assign('cartid', $cartid); if (!empty($outHTML)) { $output = $this->pagetemplate->fetch(null, null, $outHTML); } else { $output = $this->pagetemplate->fetch($lng . '/lib/' . $filename); } return $output; }
/** * Wrapper for stripslashes() that complies with gpc_magic_quotes * @param string $string * @return string */ function contrexx_stripslashes($string) { if (CONTREXX_ESCAPE_GPC) { return stripslashes($string); } return $string; }
private static function sanitize($value) { $value = trim($value); $value = stripslashes($value); $value = htmlspecialchars($value); return $value; }
public function metaform() { $value = $this->getValue(); $data = $this->getData(); $attributes = $this->getAttr(); $form = array(); $options = array(); if (isset($data['options'])) { if (!is_admin()) { $new_options = array(); foreach ($data['options'] as $key => $option) { $tmp = $option['value']; $option['value'] = $option['types-value']; $option['types-value'] = $tmp; $new_options[$key] = $option; unset($tmp); } $data['options'] = $new_options; } foreach ($data['options'] as $key => $option) { $one_option_data = array('#value' => $option['value'], '#title' => stripslashes($option['title'])); /** * add default value if needed * issue: frontend, multiforms CRED */ // if (array_key_exists('types-value', $option)) { // $one_option_data['#types-value'] = $option['types-value']; // } $options[] = $one_option_data; } } /** * for user fields we reset title and description to avoid double * display */ $title = $this->getTitle(); if (empty($title)) { $title = $this->getTitle(true); } $options = apply_filters('wpt_field_options', $options, $title, 'select'); /** * default_value */ if (!empty($value) || $value == '0') { $data['default_value'] = $value; } $is_multiselect = array_key_exists('multiple', $attributes) && 'multiple' == $attributes['multiple']; $default_value = isset($data['default_value']) ? $data['default_value'] : null; //Fix https://icanlocalize.basecamphq.com/projects/7393061-toolset/todo_items/189219391/comments if ($is_multiselect) { $default_value = new RecursiveIteratorIterator(new RecursiveArrayIterator($default_value)); $default_value = iterator_to_array($default_value, false); } //############################################################################################## /** * metaform */ $form[] = array('#type' => 'select', '#title' => $this->getTitle(), '#description' => $this->getDescription(), '#name' => $this->getName(), '#options' => $options, '#default_value' => $default_value, '#multiple' => $is_multiselect, '#validate' => $this->getValidationData(), '#class' => 'form-inline', '#repetitive' => $this->isRepetitive()); return $form; }
function load_settings() { global $system__options_general, $system__options_defaults; $query = "SELECT * FROM " . table('options') . "\n WHERE option_type='general' OR option_type='default'"; $result = or_query($query); while ($line = pdo_fetch_assoc($result)) { $settings[$line['option_name']] = stripslashes($line['option_value']); } foreach ($system__options_general as $option) { if (isset($option['type']) && ($option['type'] == 'line' || $option['type'] == 'comment')) { } else { if (!isset($settings[$option['option_name']])) { $settings[$option['option_name']] = $option['default_value']; } } } foreach ($system__options_defaults as $option) { if (isset($option['type']) && ($option['type'] == 'line' || $option['type'] == 'comment')) { } else { if (!isset($settings[$option['option_name']])) { $settings[$option['option_name']] = $option['default_value']; } } } return $settings; }
public static function strips($data) { foreach ($data as $i => $v) { $data[$i] = stripslashes($v); } return $data; }
function mres($input) { if (get_magic_quotes_gpc()) { $input = stripslashes($input); } return mysql_real_escape_string($input); }
function sendMessage($form, $to, $subject, $body, $avatar = false, $allow_html = true) { if ($allow_html) { $this->header = $subject; $this->m_text = $body; } else { $this->header = stripslashes(htmlspecialchars($subject)); $this->m_text = stripslashes(htmlspecialchars($body)); } $this->send_date = date("Y-m-d H:i:s"); $this->author_id = $form; $this->recipient_id = $to; if (!$avatar) { $user = new UserModel(); $user->load($from); $this->avatar_id = $user->getUserAvatar($user->id); $this->avatar_id = $this->avatar_id['id']; } else { $this->avatar_id = $avatar; } $this->is_read = 0; $this->is_deleted = 0; $messageId = $this->save(); return $messageId; }
function validation($data, $files) { global $COURSE, $CFG; $errors = parent::validation($data, $files); $textlib = textlib_get_instance(); $name = trim(stripslashes($data['name'])); if ($data['id'] and $group = get_record('groups', 'id', $data['id'])) { if ($textlib->strtolower($group->name) != $textlib->strtolower($name)) { if (groups_get_group_by_name($COURSE->id, $name)) { $errors['name'] = get_string('groupnameexists', 'group', $name); } } if (!empty($CFG->enrol_manual_usepasswordpolicy) and $data['enrolmentkey'] != '' and $group->enrolmentkey !== $data['enrolmentkey']) { // enforce password policy only if changing password $errmsg = ''; if (!check_password_policy($data['enrolmentkey'], $errmsg)) { $errors['enrolmentkey'] = $errmsg; } } } else { if (groups_get_group_by_name($COURSE->id, $name)) { $errors['name'] = get_string('groupnameexists', 'group', $name); } } return $errors; }
/** * Handle a POST request for this map save ressource * @param Request request * @return Response */ function post($request) { $response = new Response($request); if (isset($_POST['map'])) { // Remove those slashes if (get_magic_quotes_gpc()) { $map = stripslashes($_POST['map']); } else { $map = $_POST['map']; } $map_obj = json_decode($map); $geocacheManager = GeocacheManager::getInstance(); $geocaches = $geocacheManager->parseGeocaches($map_obj->{"geocaches"}); foreach ($geocaches as $geocache) { $geocache->save(); } $ownWaypoints = $geocacheManager->parseOwnWaypoints($map_obj->{"costumMarkers"}); foreach ($ownWaypoints as $ownWaypoint) { $ownWaypoint->save(); } $response->code = Response::OK; $response->addHeader('Content-type', 'text/plain'); $response->body = print_r($map, true); } else { $response->code = Response::BADREQUEST; } return $response; }
function getTangentText($type, $keyword) { global $dbHost, $dbUser, $dbPassword, $dbName; $link = @mysql_connect($dbHost, $dbUser, $dbPassword); if (!$link) { die("Cannot connect : " . mysql_error()); } if (!@mysql_select_db($dbName, $link)) { die("Cannot find database : " . mysql_error()); } $result = mysql_query("SELECT sr_keywords, sr_text FROM soRandom WHERE sr_type = '" . $type . "' ORDER BY sr_ID ASC;", $link); $tempCounter = 0; while ($row = mysql_fetch_assoc($result)) { $pKey = "/" . $keyword . "/"; $pos = preg_match($pKey, $row['sr_keywords']); //echo $pos . " is pos<br>"; //echo $keyword; //echo " is keyword and this is the search return: " . $row['keywords']; if ($pos != 0) { $text[$tempCounter] = stripslashes($row["sr_text"]); $tempCounter++; } } mysql_close($link); //$text=htmlentities($text); return $text; }
public function autoRun() { if (!eregi('redirecionar=', $_SERVER['QUERY_STRING']) && !$this->system->input['redirecionar']) { $this->redir = base64_encode('index.php?' . $_SERVER['QUERY_STRING']); } else { $this->redir = stripslashes($this->system->input['redirecionar']); } switch ($this->system->input['do']) { case 'nova': $this->doEdicao(); break; case 'editar': $this->doEdicao(); break; case 'buscar': $this->doListar(); break; case 'listar': $this->doListar(); break; case 'apagar': $this->doDeletar(); break; default: $this->pagina404(); break; } }
static function undecorate($str) { if (!get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; }
protected function prepare() { include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; try { $this->api = $api = Sputnik::get_plugin($this->id); } catch (Exception $e) { status_header(500); $this->header(); echo '<p>' . $e->getMessage() . '</p>'; $this->footer(); return; } if (!Sputnik::is_purchased($this->api->slug)) { wp_redirect(Sputnik_Admin::build_url(array('buy' => $this->id))); die; } if (!current_user_can('install_plugins')) { wp_die(__('You do not have sufficient permissions to install plugins for this site.', 'sputnik')); } check_admin_referer($this->nonce_prefix . $this->api->slug); include_once ABSPATH . 'wp-admin/includes/plugin-install.php'; $title = sprintf($this->title_format, $this->api->name . ' ' . $this->api->version); $nonce = $this->nonce_prefix . $this->id; $url = 'update.php?action=install-plugin&plugin=' . $this->id; if (isset($_GET['from'])) { $url .= '&from=' . urlencode(stripslashes($_GET['from'])); } $type = 'web'; //Install plugin type, From Web or an Upload. if ($this->api->is_theme) { $this->upgrader = new Sputnik_ThemeUpgrader(new Sputnik_View_Install_Skin(compact('title', 'url', 'nonce', 'plugin', 'api'))); } else { $this->upgrader = new Sputnik_Upgrader(new Sputnik_View_Install_Skin(compact('title', 'url', 'nonce', 'plugin', 'api'))); } }
public function save_all() { global $wpdb; $flag = FALSE; $ips_id_col = $wpdb->get_col('SELECT id FROM ' . $wpdb->prefix . 'formmaker_blocked'); foreach ($ips_id_col as $ip_id) { if (isset($_POST['ip' . $ip_id])) { $ip = esc_html(stripslashes($_POST['ip' . $ip_id])); if ($ip == '') { $wpdb->query($wpdb->prepare('DELETE FROM ' . $wpdb->prefix . 'formmaker_blocked WHERE id="%d"', $ip_id)); } else { $flag = TRUE; $wpdb->update($wpdb->prefix . 'formmaker_blocked', array('ip' => $ip), array('id' => $ip_id)); } } } if ($flag) { $message = 1; } else { $message = 0; } // $this->display(); $page = WDW_FM_Library::get('page'); WDW_FM_Library::fm_redirect(add_query_arg(array('page' => $page, 'task' => 'display', 'message' => $message), admin_url('admin.php'))); }
function content_569a53138b5903_87780724($_smarty_tpl) { ?> <!-- Block search module TOP --> <div id="search_block_top" class="col-sm-4 clearfix"> <form id="searchbox" method="get" action="<?php echo htmlspecialchars($_smarty_tpl->tpl_vars['link']->value->getPageLink('search', null, null, null, false, null, true), ENT_QUOTES, 'UTF-8', true); ?> " > <input type="hidden" name="controller" value="search" /> <input type="hidden" name="orderby" value="position" /> <input type="hidden" name="orderway" value="desc" /> <input class="search_query form-control" type="text" id="search_query_top" name="search_query" placeholder="<?php echo smartyTranslate(array('s' => 'Search', 'mod' => 'blocksearch'), $_smarty_tpl); ?> " value="<?php echo stripslashes(mb_convert_encoding(htmlspecialchars($_smarty_tpl->tpl_vars['search_query']->value, ENT_QUOTES, 'UTF-8', true), "HTML-ENTITIES", 'UTF-8')); ?> " /> <button type="submit" name="submit_search" class="btn btn-default button-search"> <span><?php echo smartyTranslate(array('s' => 'Search', 'mod' => 'blocksearch'), $_smarty_tpl); ?> </span> </button> </form> </div> <!-- /Block search module TOP --><?php }
function inp($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; }
function PMA_gpc_extract($array, &$target, $sanitize = TRUE) { if (!is_array($array)) { return FALSE; } $is_magic_quotes = get_magic_quotes_gpc(); foreach ($array as $key => $value) { /** * 2005-02-22, rabus: * * This is just an ugly hotfix to avoid changing internal config * parameters. * * Currently, the following variable names are rejected when found in * $_GET or $_POST: cfg, GLOBALS, str* and _* */ if ($sanitize && is_string($key) && ($key == 'cfg' || $key == 'GLOBALS' || substr($key, 0, 3) == 'str' || $key[0] == '_')) { continue; } if (is_array($value)) { // there could be a variable coming from a cookie of // another application, with the same name as this array unset($target[$key]); PMA_gpc_extract($value, $target[$key], FALSE); } else { if ($is_magic_quotes) { $target[$key] = stripslashes($value); } else { $target[$key] = $value; } } } return TRUE; }
function stripStr($str) { if (get_magic_quotes_gpc()) { $str = stripslashes($str); } return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8')); }
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = $theValue != "" ? intval($theValue) : "NULL"; break; case "double": $theValue = $theValue != "" ? doubleval($theValue) : "NULL"; break; case "date": $theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; }
function Net_DNS_RR_TXT(&$rro, $data, $offset = '') { $this->name = $rro->name; $this->type = $rro->type; $this->class = $rro->class; $this->ttl = $rro->ttl; $this->rdlength = $rro->rdlength; $this->rdata = $rro->rdata; if ($offset) { if ($this->rdlength > 0) { $maxoffset = $this->rdlength + $offset; while ($maxoffset > $offset) { list($text, $offset) = Net_DNS_Packet::label_extract($data, $offset); $this->text[] = $text; } } } else { $data = str_replace('\\\\', chr(1) . chr(1), $data); /* disguise escaped backslash */ $data = str_replace('\\"', chr(2) . chr(2), $data); /* disguise \" */ ereg('("[^"]*"|[^ \\t]*)[ \\t]*$', $data, $regs); $regs[1] = str_replace(chr(2) . chr(2), '\\"', $regs[1]); $regs[1] = str_replace(chr(1) . chr(1), '\\\\', $regs[1]); $regs[1] = stripslashes($regs[1]); $this->text = $regs[1]; } }
/** * Set of functions used with the relation and pdf feature */ function PMA_transformation_getOptions($string) { $transform_options = array(); /* Parse options */ for ($nextToken = strtok($string, ','); $nextToken !== false; $nextToken = strtok(',')) { $trimmed = trim($nextToken); if ($trimmed[0] == '\'' && $trimmed[strlen($trimmed) - 1] == '\'') { $transform_options[] = substr($trimmed, 1, -1); } else { if ($trimmed[0] == '\'') { $trimmed = ltrim($nextToken); while ($nextToken !== false) { $nextToken = strtok(','); $trimmed .= $nextToken; $rtrimmed = rtrim($trimmed); if ($rtrimmed[strlen($rtrimmed) - 1] == '\'') { break; } } $transform_options[] = substr($rtrimmed, 1, -1); } else { $transform_options[] = $nextToken; } } } // strip possible slashes to behave like documentation says $result = array(); foreach ($transform_options as $val) { $result[] = stripslashes($val); } return $result; }
function mysql_fix_string($conn, $string) { if (get_magic_quotes_gpc()) { $string = stripslashes($string); } return $conn->real_escape_string($string); }
function replace_input($input) { $output = stripslashes($input); $output = filter_var($output, FILTER_SANITIZE_SPECIAL_CHARS); $output = trim($output, "/"); return $output; }
function validate($data = null) { $this->errors = array(); if (!empty($data)) { $data = empty($data[$this->model]) ? $data : $data[$this->model]; foreach ($data as $dkey => $dval) { $this->data->{$dkey} = stripslashes($dval); } extract($data, EXTR_SKIP); if (empty($gallery_id)) { $this->errors['title'] = __('No gallery was specified', $this->plugin_name); } if (empty($slide_id)) { $this->errors['title'] = __('No slide was specified', $this->plugin_name); } if (empty($this->errors)) { if ($galleryslide = $this->find(array('gallery_id' => $gallery_id, 'slide_id' => $slide_id))) { $this->data->id = $galleryslide->id; } } } else { $this->errors[] = __('No data was posted', $this->plugin_name); } return $this->errors; }
public function saveFile($data) { $post = (object) $data; self::setMapping(); // recupera variáveis $fileData = $_FILES["filedata"]; $fileName = $fileData["name"]; $fileType = $fileData["type"]; $tempName = $fileData["tmp_name"]; $dataType = self::$mapping[$fileType]; if (!is_uploaded_file($tempName)) { self::$response->success = false; self::$response->text = "O arquivo não foi enviado com sucesso. Erro de sistema: {$fileData['error']}."; return json_encode(self::$response); } if (!array_key_exists($fileType, self::$mapping)) { return '{"success":false,"records":0,"error":2,"root":[],"text":"Tipo de arquivo não mapeado para esta operação!"}'; } // comprime arquivo temporário if ($dataType === true) { self::sizeFile(); self::workSize($tempName); } $tempData = base64_encode(file_get_contents($tempName)); // recupera extensão do arquivo $fileExtension = strtoupper(strrchr($fileName, ".")); $fileExtension = str_replace(".", "", $fileExtension); $fileInfo = array("fileType" => $fileType, "fileExtension" => $fileExtension, "dataType" => $dataType, "fileName" => $fileName); $fileInfo = stripslashes(json_encode($fileInfo)); $affectedRows = $this->exec("update {$post->tableName} set filedata = '{$tempData}', fileinfo = '{$fileInfo}' where id = {$post->id}"); unlink($tempName); return $affectedRows; }